FBI Agent's Laptop 'Hacked' To Grab 12 Million Apple IDs - UPDATED

FBI special agent Christopher Stangl as he appeared in a video calling on hackers to join the federal agency.

UPDATE Sept. 11, 12:20 GMT: Following the FBI's denials that an agent's laptop was breached to grab 12 million Apple UDIDs, a small app publisher in Florida has confirmed that it was the source of the device identifiers. The CEO of Blue Toad said his company had reported the breach, which reportedly occurred in the last two weeks, to law enforcement. “We’re pretty apologetic to the people who relied on us to keep this information secure,” Chief Executive Paul Hart told NBC. Read the full story and its privacy implications here. As for Anonymous, the revelation could mark a new dent in the network's credibility, despite its already-solid reputation for "trolling" via networks like 4chan and Twitter. Organizers have said on Twitter that "There is still no evidence. Stay tuned," but the appearance of lying in their earlier press release will make any future leaks by the subversive network much harder for anyone to believe.

UPDATE Sept. 4, 21:50 GMT: The FBI has denied that it ever had the 12 million Apple IDs in question: "Statement soon on reports that one of our laptops with personal info was hacked," it said on Twitter. "We never had info in question. Bottom Line: TOTALLY FALSE." It also said in an emailed statement: "The FBI is aware of published reports alleging that an FBI laptop was compromised and private data regarding Apple UDIDs was exposed. At this time, there is no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data."

UPDATE Sept. 4, 19:00 GMT: There is some speculation that an app developer, not Apple, released the dataset of 12 million device IDs to the FBI. Marco Arment of Instapaper writes on his blog that, "all of this information could have been collected from an app transmitting data to a server... This is exactly the information that an ad network would want to collect. Apple and the carriers probably weren’t involved at all." He adds that the "popular and free AllClear ID app, related to NCFTA, is a likely culprit," given the name of the dataset stolen by hackers (see below).

An AllClear spokeswoman denied the company's involvement, saying, "AllClear ID does not collect, nor has it ever collected, UDIDs. We have determined this incident is not linked to AllClear ID."

The NCFTA, or National Cyber Forensics and Training Alliance, is a non-profit partner of the FBI whose legal arrangement with the government allows it to hand over information to the FBI. Forbes privacy writer Kashmir Hill writes that NCFTA is not allowed to share names or addresses of people affiliated with the scheme. AllClear ID is a free iOS app that aims to protect a user's identity from fraud.

The inclusion of "Push Notification Tokens" in the data leak was another reason to believe the data had come from an app developer. Apple's Push Notification Service can decrypt these tokens using a key, according to its site for developers. This means that if an app developer (or developers) leaked the data, Apple could potentially identify them.

UPDATE Sept. 4, 17:50 GMT: Anonymous / Antisec supporters have posted a sample of 100 Apple mobile device identifiers from the breach, in plain text, viewable here. The data is in four columns: 1) the Apple unique device identifier (UDID), 2) the Apple Push Notification Service DevToken, 3) the device name and 4) the device type. They say it lists the top 50 and bottom 50 UDIDs in the dataset. One source from Anonymous says supporters are currently working on uploading the full, unencrypted dataset of 1 million UDIDs to the web, as well as a searchable database.

-----------

Three years ago special agent Christopher Stangl appeared in a video calling on people with computer science degrees to join the Federal Bureau of Investigation, saying they were needed "more than ever." Last night, hackers with subversive online networks Anonymous and Antisec answered that call with nothing short of irreverence: they published what they claimed were more than 1 million unique device identifier (UDID) numbers for Apple devices, stolen from Stangl's own laptop.

In total, the hackers say they were able to steal more than 12 million of these strings of numbers and letters, but, "we decided a million would be enough to release." They announced the hack through the widely watched Twitter feed @AnonymousIRC last night.

Forbes cyber security reporter Andy Greenberg has downloaded the encrypted file posted by Anonymous containing the identifiers, and decrypted it. "It does seem to be an enormous list of 40-character strings made up of numbers and the letters A through F, just like Apple UDIDs," he reports. The data is being analyzed by cyber security research firms like Denmark's CSIS, whose specialist Peter Kruse tweeted earlier today that three of his devices were in the leaked data.